Can America’s democracy be hacked? Many security researchers have looked into the voting system and have found countless loopholes. However, many questions have been left unanswered. With the looming 2020 election, it’s more important than ever to see if the US election can be hacked.
Different states use different voting machines. This means the whole system can’t be hacked at once, but it also means hackers can find the states with the weakest cybersecurity and strike there. If they succeed, they could sway election results to one side or the other. But what do these “weak links” look like?
To understand this, we first need to know the type of machines used for the voting. There are two – optical voting machines and direct recording electronic (DRE) machines. The former uses paper ballots that you fill in and the machine scans and tabulates. The paper ballot is kept in case the vote needs to be verified or an audit needs to be conducted. DRE machines record your vote electronically. Some provide a paper trail, some don’t.
Now, though counting the votes might be annoying, 22 states have chosen to use paper ballots only for security reasons. Their machines may be hackable, but they have paper ballots to compare their results with. The remaining states use either both Optical and DRE machines or only DRE machines.
Most of these machines are more than 10 years old. They were designed at a time when no one considered the need for internet connectivity, firewalls, or cybersecurity. They are so outdated that their software providers, including Microsoft, stopped issuing software updates a long time ago. It’s no surprise that they present many vulnerabilities.
Using a mixture of Optical and DRE machines leaves more than half of the country vulnerable. To make matters worse, there are 5 states (Delaware, Georgia, Louisiana, New Jersey, South Carolina) that use DRE machines only.
However, this is far from impossible. Voting machines have been thoroughly studied and exploited at hacking events such as DEFCON. They are also easily accessible to pretty much anyone – you can buy them on Ebay. Hackers have a good idea of what hides behind these outdated voting machines’ covers.
This hack is possible and isn’t too difficult to implement. The hardest part would be to mobilize enough people and resources to actually have any major impact.
Hacking voting machines is possible, but that would require a lot of resources and might not be practical. To have a national effect, hackers have to think big. That means using various techniques to infect the voting process before voters even reach the voting booth. But how?
This is what hackers might try to do to achieve a sufficient scale to sway an election. The scary thing is that none of the hacks below are out of the ordinary or impossible to achieve.
Hacking a voter’s brain is the worst hack of them all. Changing someone’s perception about the matter without them noticing is scary, immoral and insidious.
The Cambridge Analytica scandal that some say influenced the 2016 election showed us the powerful new tools being used to shape public opinion without accountability. Even without concrete evidence on how many votes may have been swayed, it still planted a seed of doubt – “Is my vote worth a thing?”
Americans are proud of their freedom of choice, so they rely heavily on media to gather information and form their opinions. Hackers or organizations can turn that against them by hacking social media with fake ads, fake profiles and disinformation. They could also flood other media channels with fake news.
Such attacks are particularly dangerous as they can be governmental or state sponsored. This means a foreign government could try to interfere with the US election. They would also have sufficient funds to reach bigger audiences and perform more intricate attacks that require more resources.
Many of the hacks above could be prevented by employing simple cybersecurity measures, replacing old voting machines with newer and more secure ones, using paper ballots, or conducting security audits. However, most of these changes cannot be made without extra funding or new legislation, which does not seem to be forthcoming in the US. This leaves the 2020 election vulnerable to interference and hacking.
Update: 3 September 2020. Only two months before the US presidential election, the personal information of millions of voters from Michigan, Arkansas, Connecticut, Florida, and North Carolina was made available on the Russian dark web.
Reports indicate that the data included names, dates of birth, gender, physical addresses, emails, voter registration numbers, date of registration, and polling stations.
US authorities claim that public voter information is available through FOIA (Freedom of Information Act) requests and no cyber attacks on election databases have occurred. However, the leaked info does include private and privileged information. While it depends on the state how much information you can get upon FOIA request, political parties typically have the widest access. If there were indeed no attacks on government databases, hackers may have targeted party databases instead.
While the origins of the leak are unclear, it is clear that voter information, and by extension many voters, remain extremely vulnerable.
For more cybersecurity tips, subscribe to our free monthly newsletter below!